The Biden administration has been pushing carmakers to transition to electric vehicles (EVs) to address the climate crisis. This has led the National Institute of Standards and Technology (NIST), the primary US agency for technology and competition, to issue new draft USA Cybersecurity guidelines calling for the EV industry to guard against domestic and international hacking.
The NIST guidance specifically focuses on securing digital payment systems on charging stations and the EV equipment connected to the power grid. Without proper cybersecurity measures, EV charging stations could be vulnerable to hacking, potentially leading to the theft of customer data or even blackouts.
“Without basic cybersecurity guidelines or standards for EV charging stations, companies could connect equipment that might be vulnerable to hackers. “It’s kind of like ‘Bring your own device to the grid“
Megan Samford, chief product security officer for energy management at Schneider Electric
As the US and Europe strive to increase EV production and adoption, there is a risk that cybersecurity protections might be overlooked. Researchers have warned that hackers could infiltrate EV charging networks to steal customer data or cause damaging effects to the electric grid and potentially engineer blackouts.
In April 2023, the Biden administration proposed tougher car emissions targets to accelerate the transition to EVs and plans for EVs to make up half of all new vehicle sales by 2030. Additionally, a 2021 US infrastructure law allocated $7.5 billion to expand EV charging stations.
What is NIST Cybersecurity Framework
The NIST Cybersecurity Framework [NIST-CSF] is a voluntary, risk-based assemblage of industry standards and best practices designed to help organizations manage cybersecurity risks. Standards listed in the informative reference section are simply recognized best practices or provide relevant information and are not meant to represent any type of regulatory or compliance mandate from this document.
Current, draft USA Cybersecurity guidelines
NIST has recently released the initial public draft for Cybersecurity Framework Profile for Electric Vehicle Extreme Fast Charging Infrastructure (EV/XFC) ecosystem and the subsidiary functions that support each of the four domains:
- Electric Vehicles (EV);
- Extreme Fast Charging (XFC);
- XFC Cloud or Third-Party Operations;
- and Utility and Building Networks.
The guidelines provides a foundational profile that relevant parties may use to develop profiles specific to their organization to assess their cybersecurity posture as a part of their risk management process. The profile is intended to supplement, not replace, an existing risk management program or the current cybersecurity standards, regulations, and industry guidelines that are in current use by the EV/XFC industry.
Download USA Cybersecurity guidelines
NIST is collecting comments from the public until Aug. 28 and then plans to finalize the guidelines.By implementing these cybersecurity measures, the industry can safeguard against domestic and international hacking threats and ensure the secure expansion of EV charging networks.
